Domain 1

Question 1

Risk that an activity would pose if no controls were in place (Risk BEFORE controls)

Answer 1

Inherent Risk

Question 2

Role of IS Auditor in CSA process

Answer 2

Facilitator

Question 3

Is hash totals a preventative or detective control

Answer 3

Detective

Question 4

Role of IS audit function is established by?

Answer 4

audit charter

Question 5

An audit charter is approved by

Answer 5

senior management

Question 6

When is it appropriate for an audit charter to change?

Answer 6

only if it can be thoroughly justified; It is not meant to change

Question 7

What type of testing requires gathering evidence to evaluate the integrity of data, transaction, or other information?

Answer 7

Substantive Testing

Question 8

Compliance testing sampling method that is more effective (attribute vs variable)

Answer 8

Attribute sampling

Question 9

most important success factor for CSA

Answer 9

line management involvement

Question 10

Risk assessment is (subjective or objective)

Answer 10

subjective

Question 11

Overarching document that covers the entire scope of activities in an entity

Answer 11

audit charter

Question 12

focused on a particular audit exercise that is sought to be initiated by an organization

Answer 12

engagement letter

Question 13

backup procedures are which type of control (preventative or corrective)

Answer 13

corrective

Question 14

Probability of an event occurring
and
its consequences

Answer 14

Risk

Question 15

describe the authority and responsibilities of the audit department

Answer 15

audit charter

Question 16

Testing that checks for the presence of controls

Answer 16

Compliance Testing

Question 17

Testing that checks for the integrity of control contents

Answer 17

Substantive Testing

Question 18

first step of risk assessment

Answer 18

identify assets

Question 19

online audit technique that is most effective for the early detection of errors or irregularities

Answer 19

audit hook

Question 20

primary objective of IS Audit function

Answer 20

determine whether information systems safeguard assets and maintain data integrity

Question 21

1. Identify Assets
2. Identify Risk (Threat or Vulnerability)
3. Impact Analysis (Qualitative or Quantitative)
4. Prioritize risk (based on Impact)
5. Evaluate/ choose the best controls
6. Apply controls

Answer 21

6 Steps of Risk Assessment

Question 22

Risks that are not in our control.

i.e. Earthquake, Fire, Hackers, Malware, System Failure, Criminals

Answer 22

Threat

Question 23

Weakness that is in our control.

i.e. weak coding, missing anti-virus, weak access controls

Answer 23

Vulnerability

Question 24

Risk that remains after controls are implemented (Risk AFTER Controls) “Residue”

Answer 24

Residual Risk

Question 25

Risk that auditors will not detect material misstatement in financial statements

Answer 25

Detection Risk

Question 26

Risk that a material misstatement occurs but is not detected, corrected, or prevented by internal controls

Answer 26

Control Risk

Question 27

inherent risk * control risk * detection risk

Answer 27

Audit Risk

Question 28

What establishes the IS Audit function?

Answer 28

Audit Charter

Question 29

Who approves the Audit Charter?

Answer 29

Top Management/ Highest level of management

Question 30

What is included in the audit charter?

Answer 30

Authority, Scope, and Responsibilities of the Audit Function

Question 31

What influences the auditors decisions/responsibilities/ roles within the audit?

Answer 31

Audit Charter

Question 32

How often should the audit charter change?

Answer 32

It should NOT change. If it does, it has to be thoroughly justified.

Question 33

Are these included in the audit charter?
-audit calendar, audit planning, yearly resource allocation, routine audit activities (professional fees and travel expenses/ budgets

Answer 33

NO, they change too often and are not aligned with the “authority, scope, or responsibilities of the audit function”